filmov
tv
SQL injection attack, querying the database type and version on Oracle | Web Security Academy
Показать описание
This lab contains an SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.
To solve the lab, display the database version string.
Note
On Oracle databases, every SELECT statement must specify a table to select FROM. If your UNION SELECT attack does not query from a table, you will still need to include the FROM keyword followed by a valid table name.
There is a built-in table on Oracle called DUAL which you can use for this purpose. For example: UNION SELECT 'abc' FROM DUAL
To solve the lab, display the database version string.
Note
On Oracle databases, every SELECT statement must specify a table to select FROM. If your UNION SELECT attack does not query from a table, you will still need to include the FROM keyword followed by a valid table name.
There is a built-in table on Oracle called DUAL which you can use for this purpose. For example: UNION SELECT 'abc' FROM DUAL
0:00:33
0:12:35
0:09:08
0:10:14
0:02:46
0:03:30
0:04:40
1:09:59
0:06:36
0:06:12
0:06:42
0:02:11
0:06:20
![[Web Security Academy]](https://i.ytimg.com/vi/nJJRD2_bpqY/hqdefault.jpg)
0:02:41
0:04:43
0:00:36
0:13:31
0:05:25
0:27:04
0:02:05
0:04:25
0:05:11
0:03:05
0:06:27